FBI warns e-tailers to shore up against attacks

The FBI's National Infrastructure Protection Center issues a warning to e-tailers, telling them to strengthen their defenses against a potential new wave of hacker attacks.

3 January 200212:43 am GMT

With the holiday e-commerce rush in full swing, the FBI is warning e-tailers to strengthen their defenses against a potential new wave of hacker attacks.

There is an "increase in hacker activity specifically targeting U.S. systems associated with e-commerce and other Internet-hosted sites," the FBI-led National Infrastructure Protection Center (NIPC) said in an alert posted on its Web site Friday.

The attacks have occurred mostly on Microsoft Windows NT systems, although Unix-based operating systems have also been hit, according to the agency, which is based at FBI headquarters in Washington. The hackers are exploiting well-known system weaknesses to gain unauthorized access and download information, the NIPC said.

"Although these vulnerabilities are not new," the NIPC said, "this recent activity warrants additional attention by system administrators."

Corporations and other entities large and small have often been targets of attacks. Sometimes hackers sneak their way into a company's Web site and deface it with graffiti and other messages, or even try to disrupt or completely suspend computer systems and Internet business.

In June, America Online said hackers accessed member accounts by means of email attachments sent to the company's employees. AOL said it boosted the security of its email systems as a result of the attacks.

In February, a string of so-called denial-of-service attacks struck e-commerce titans eBay and Amazon.com and e-tailer Buy.com. Around the same time, news site CNN.com, online trading sites E*Trade and Datek Online, and technology information provider ZDNet reported similar attacks.

Denial-of-service disruptions happen when attackers bombard a Web site's servers with fake packets of requests for information. When the victim server responds, the culprit's system steps up the barrage by sending more requests. The system may crash when the affected Web site struggles to keep up with the mounting number of requests.

The NIPC recommends that all computer network systems administrators check relevant systems and apply updated patches as necessary. Specific emphasis should be placed on systems related to e-commerce or e-banking/financial business.

The NIPC, which serves as the U.S. government's source for threat assessment and warnings of attacks against the country's critical infrastructures, said it is still investigating the most recent hacker activity and will provide additional information as it becomes available.